# Contributor: fossdd <fossdd@pwned.life>
# Maintainer: fossdd <fossdd@pwned.life>
pkgname=kanidm
pkgver=1.3.3
pkgrel=0
pkgdesc="A simple, secure and fast identity management platform"
url="https://kanidm.com/"
arch="x86_64 aarch64"
# only x86_64 (with x86_64_v2) and aarch64 (with neon_v8) supported:
# https://kanidm.github.io/kanidm/stable/prepare_the_server.html#cpu
license="MPL-2.0"
depends="
	$pkgname-clients
	$pkgname-server
	$pkgname-unixd-clients
	"
makedepends="
	bash
	bc
	binaryen
	brotli
	cargo-auditable
	libudev-zero-dev
	linux-pam-dev
	openssl-dev
	rsync
	rust-wasm
	wasm-bindgen
	wasm-pack
	"
install="
	$pkgname-server.pre-install
	$pkgname-unixd-clients.pre-install
	"
subpackages="
	$pkgname-bash-completion
	$pkgname-clients
	$pkgname-openrc
	$pkgname-server
	$pkgname-unixd-clients:unixd_clients
	$pkgname-zsh-completion
	"
source="$pkgname-$pkgver.tar.gz::https://github.com/kanidm/kanidm/archive/refs/tags/v$pkgver.tar.gz
	kanidmd.initd
	kanidm-unixd.initd
	kanidm-unixd-tasks.initd
	"
options="!check net" # takes too long, downloading rust crates

_profile="release_linux"
_cargoopts="--frozen --release
	--package daemon
	--package kanidm-ipa-sync
	--package kanidm_tools
	--package kanidm_unix_int
	--package nss_kanidm
	--package pam_kanidm
	"

prepare() {
	default_prepare

	rm -rf server/web_ui/pkg/*
	cargo fetch --target="$CTARGET" --locked
}

build() {
	export KANIDM_BUILD_PROFILE="$_profile"

	RUSTFLAGS="${RUSTFLAGS/-Clink-arg=-Wl,-z,pack-relative-relocs}" \
	make webui

	cargo auditable build $_cargoopts
}

check() {
	export KANIDM_BUILD_PROFILE="$_profile"
	cargo test $_cargoopts -- --test-threads=1
}

package() {
	# openrc
	install -Dm755 "$srcdir"/kanidmd.initd "$pkgdir"/etc/init.d/kanidmd
	install -Dm755 "$srcdir"/kanidm-unixd.initd "$pkgdir"/etc/init.d/kanidm-unixd
	install -Dm755 "$srcdir"/kanidm-unixd-tasks.initd "$pkgdir"/etc/init.d/kanidm-unixd-tasks

	# zsh completion
	install -Dm644 target/release/build/completions/_kanidm -t "$pkgdir"/usr/share/zsh/site-functions/
	install -Dm644 target/release/build/completions/_kanidmd -t "$pkgdir"/usr/share/zsh/site-functions/
	install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys_direct -t "$pkgdir"/usr/share/zsh/site-functions/
	install -Dm644 target/release/build/completions/_kanidm_ssh_authorizedkeys -t "$pkgdir"/usr/share/zsh/site-functions/
	install -Dm644 target/release/build/completions/_kanidm_unix -t "$pkgdir"/usr/share/zsh/site-functions/

	# bash completion
	install -Dm644 target/release/build/completions/kanidm.bash -t "$pkgdir"/usr/share/bash-completion/completions/
	install -Dm644 target/release/build/completions/kanidmd.bash -t "$pkgdir"/usr/share/bash-completion/completions/
	install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys_direct.bash -t "$pkgdir"/usr/share/bash-completion/completions/
	install -Dm644 target/release/build/completions/kanidm_ssh_authorizedkeys.bash -t "$pkgdir"/usr/share/bash-completion/completions/
	install -Dm644 target/release/build/completions/kanidm_unix.bash -t "$pkgdir"/usr/share/bash-completion/completions/
}

clients() {
	pkgdesc="Kanidm client to interact with kanidm identity management server"
	depends=""

	install -Dm755 "$builddir"/target/release/kanidm -t "$subpkgdir"/usr/bin/
	install -Dm644 "$builddir"/examples/config -t "$subpkgdir"/etc/kanidm/
}

server() {
	pkgdesc="Kanidm server for idendity management, supports RADIUS, ssh key management"
	depends=""

	install -Dm755 "$builddir"/target/release/kanidmd -t "$subpkgdir"/usr/bin/
	install -Dm755 "$builddir"/target/release/kanidm-ipa-sync -t "$subpkgdir"/usr/bin/
	install -Dm644 "$builddir"/examples/server.toml -t "$subpkgdir"/etc/kanidm/

	install -dv "$subpkgdir"/usr/share/kanidm/ui/
	cp -r "$builddir"/server/web_ui/pkg "$subpkgdir"/usr/share/kanidm/ui/
}

unixd_clients() {
	pkgdesc="Kanidm localhost resolver to resolve posix identities to a kanidm instance"
	depends=""

	install -Dm755 "$builddir"/target/release/kanidm_ssh_authorizedkeys -t "$subpkgdir"/usr/bin/
	install -Dm755 "$builddir"/target/release/kanidm_ssh_authorizedkeys_direct -t "$subpkgdir"/usr/bin/
	install -Dm755 "$builddir"/target/release/kanidm-unix -t "$subpkgdir"/usr/bin/
	install -Dm755 "$builddir"/target/release/kanidm_unixd -t "$subpkgdir"/usr/bin/
	install -Dm755 "$builddir"/target/release/kanidm_unixd_tasks -t "$subpkgdir"/usr/bin/

	install -Dm755 "$builddir"/target/release/libnss_kanidm.so "$subpkgdir"/usr/lib/libnss_kanidm.so.2
	install -Dm755 "$builddir"/target/release/libpam_kanidm.so "$subpkgdir"/usr/lib/security/pam_kanidm.so

	install -Dm644 "$builddir"/examples/unixd -t "$subpkgdir"/etc/kanidm/
}

sha512sums="
0e00634964bef76c97c15e129d43350cab8d71ea9504751a2227c0a60edddd004f682213c639aa43d9f192d6e85138aa4e42312b8d8d5c352f02899813ab6fe0  kanidm-1.3.3.tar.gz
718974ccf058f6e12894882b9bd27ccb3977b3d23be088752368d2c85d0e3c31a182ef9096cbced506d8d1d5d63a7e1e4dd22c07f7009e4532820d0d96ebef7c  kanidmd.initd
c2936f5247122c3f6729ceca377a025c3752103c98e279df549a0d664783070561261edea41e7becf75d56f181cba05667c96a46205147ad25b284544ad5d656  kanidm-unixd.initd
08ab2aa7c1e8b14740172df89f3d265e1a7a06da083f65e8a296f7ac4cfdce7629b624d294a9de9bf4abf42769ca88efd10cb0edbbeb2320971b92d1bee393c0  kanidm-unixd-tasks.initd
"
